CVE Catalog

CVE-2026-10118

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

An integer overflow vulnerability was found in Poppler's Splash backend in the `tilingPatternFill` function. A remote attacker can exploit a crafted PDF file, leading to undersized heap allocation and subsequent out-of-bounds write.

Risk Assessment

Successful exploitation could allow arbitrary code execution, information disclosure, or denial of service in the context of the application processing the PDF.

Recommendation

Update Poppler to the latest patched version immediately. Consider restricting processing of untrusted PDF files.

Original NVD description (English source)

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to an undersized heap memory allocation, allowing a subsequent out-of-bounds write. Successful exploitation could result in arbitrary code execution, information disclosure, or denial of service within the context of the application processing the PDF.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS